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DETAILED ACTION 



Response to Amendment 

1 . Applicant has amended claims 16 and 17 in the amendment filed on 7/31/2009. 
Claims 2-6, 8 and 16-18 are pending in this office action. 



Response to Arguments 

2. Applicant's arguments filed on 7/31/2009 with respect to claims 2-6, 8 and 6-18 
have been considered but are moot in view of the new ground(s) of rejection. 



Regarding to applicant arguments: 

• Applicant asserted, on pages 6-8 that Grantges, Jr. et al. (US Pat. No. 
6,510,464 B1), hereinafter Grantges, discloses the connections between the 
web browser 22 and the system 20 (including DMZ Proxy server 24 and the 
Application Gateway 38, etc.) are always initiated by the web browser. There 
is no capability for the system 20 to initiate a connection of any sort to the 
web browser but rather must always use a connection initiated by the web 
browser. 

In response to applicant's argument, examiner respectfully disagrees 
because Grantges discloses sending the "options page" included applications to 
be selected in message 78 to client computer 22 via the proxy servers 34 and 40 
interpreted as notification of set up an access to the selected applications (see 
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e.g., col. 9 lines 6-24; and FIGS. 1-2); and the client computer 22 is authorized to 
access the selected applications via the proxy servers 34 and 40 (see e.g., FIGS. 
5-7). 

Furthermore, applicant is reminded that the examiner is entitled to the broadest 
reasonable interpretation of the claims. The Applicants always have the opportunity to 
amend the claims during prosecution and broad interpretation by the examiner reduces 
the possibility that the claim, once issued, will be interpreted more broadly than is 
justified. In re Prater 162 USPQ 541,550-51 (CCPA 1969). Therefore, the 
aforementioned assertion is moot. 



Claim Rejections - 35 USC §112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 2-6, 8 and 16-18 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. 

The amended limitation "the gateway including notification means for initiating an 
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unauthenticated and unencrypted connection to one or more of the application hosting 
sub-systems and transmitting over this or each such connection a notification for 
notifying said one or more of the application hosting sub-systems that it should initiate a 
secure authenticated connection with the gateway when the notification means is 
requested so to do by any one of the services offered by the first sub-system" in claim 
16 lines 12-17; and added limitation "initiating from the notification means to the 
application hosting sub-system an unauthenticated and unencrypted connection and 
transmitting over this connection the notification for notifying said application hosting 
sub-system that it should initiate a secure authenticated connection with the gateway" in 
claim 17 lines 15-18, contain subject matter which was not described in the instant 
specification in such a way as to reasonably convey to one skilled in the relevant art that 
the inventor(s), at the time the application was filed, had possession of the claimed 
invention. 

As such, claims 2-6. 8 and 18 are rejected as based on the dependencies on 
the independent claims 16 and 17, respectively. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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6. Claims 2, 8, 16 and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Grantges, Jr. et al. (US Pat. No. 6,510,464 B1), (hereinafter 
Grantges), and further in view of Wilding et al. (US Pub. No. 2005/0050329 A1). 

As per claim 16 , Grantges discloses a system comprising: 

programmed computer devices which execute program code to provide a 
first sub-system and a gateway for offering services provided by the first sub- 
system to one or more application hosting sub-systems via the gateway and a 
data communications network between said gateway and sub-systems; as (see 
e.g., col. 4 lines 7-19; and FIGS. 1-2, as the proxy servers 34 and 40 in FIG. 1 are read 
on the claimed gateway included notification server 220 in Figure 2; the user 18 of a 
client computer 22 interpreted as application hosting sub-system; and web servers 
28.sub.1 , 28. sub. 2, . . . , 28.sub.3 interpreted as a first sub-system). 

the gateway and each application hosting sub-system being arranged to 
permit each application hosting sub-system to initiate a secure and authenticated 
connection from each application hosting sub-system to the gateway as (see e.g., 
col. 5 line 58 to col. 6 line 2; col. 6 lines 37-40; and FIGS. 1-2; as secure connections 52 
and 54) via a non-secure data network connection, and as (see e.g., FIG. 2, as the 
insecure network (Internet) 26). 

the gateway being logically connected to the first sub-system to enable the 
services provided by the first sub-system to be provided to each application 
hosting sub-system as (see e.g., col. 9 lines 19-35; and FIG. 2, as the "options page" 
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presents a list of authorized applications 24.sub.1 , 24. sub. 2, . . . , 24.sub.3 for selection 
by user 18 of client computer 22) via a secured and authenticated connection, as 
(see e.g., FIG. 1; as secure connections 52, 54 and 56). 

when the notification means is requested so to do by any one of the 
services offered by the first sub-system as (see e.g., col. 9 lines 6-24; and FIGS. 1- 
2, wherein the "options page" in message 78 being sent to client computer 22, 
interpreted as notification means; but may not be specific to the feature of the gateway 
including notification means for initiating an unauthenticated and unencrypted 
connection to one or more of the application hosting sub-systems and 
transmitting over this or each such connection a notification for notifying said 
one or more of the application hosting sub-systems that it should initiate a 
secure authenticated connection with the gateway). 

However, Wilding et al. discloses the feature of the gateway including 
notification means for initiating an unauthenticated and unencrypted connection 
to one or more of the application hosting sub-systems and transmitting over this 
or each such connection a notification for notifying said one or more of the 
application hosting sub-systems that it should initiate a secure authenticated 
connection with the gateway which is not explicitly disclosed by Grantges as (see 
e.g., U 0028 - 0040, as the process starting from the step of transmitting the Temporary 
Server Public Key from the service gateway 1 1 0 to the service client 1 08 (i.e., 
interpreted as a notification to verify the authenticated information); until the step of 
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establishing secure, authenticated and encrypted connection between the service 
gateway 1 10 and the service client 108). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Wilding et al. teaching of establishing a secure connection 
into Grantges system in order to direct a client to establish a secure connection with a 
server across a public network via a service gateway (Wilding et al., FIG. 1 and U 0010 
lines 2-4). 

As per claim 17 , Grantges discloses a method of offering services provided 
by a first sub-system to one or more application hosting sub-systems via a 
gateway which includes a notification means for notifying one or more of the 
application hosting sub-systems that it should initiate a secure authorized 
connection with the gateway, the gateway and each application hosting sub- 
system being arranged to permit each application hosting sub-system to initiate a 
secure and authenticated connection from each application hosting sub-system 
to the gateway via a non-secure data network connection, and the gateway being 
logically connected to the first sub-system to enable the services provided by the 
first sub-system to be provided to each application hosting sub-system via a 
secured and authenticated connection, the method comprising: 

sending a request from a service wishing to set up a secure and 
authenticated connection to an application hosting sub-system as (see e.g., col. 9 
lines 19-35; and FIG. 2, as the "options page" presents a list of authorized applications 
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24.sub.1, 24. sub. 2, . . . , 24.sub.3 interpreted as a service to user 18 of client computer 
22 to make a selection). 

However, Grantges does not explicitly disclose: 

that the notification means send a notification to a respective application 
hosting sub-system to notify it that it should initiate a secure authenticated 
connection with the gateway; 

initiating from the notification means to the application hosting sub-system 
an unauthenticated and unencrypted connection and transmitting over this 
connection the notification for notifying said application hosting sub-system that 
it should initiate a secure authenticated connection with the gateway; 

causing the application hosting sub-system to set up a secure and 
authenticated connection with the gateway in response to receipt of the 
notification; and communicating with the initiating service via said connection. 

Wilding et al. discloses: 

that the notification means send a notification to a respective application 
hosting sub-system to notify it that it should initiate a secure authenticated 
connection with the gateway; as (see e.g., If 0028 - 0029, as transmitting the 
Temporary Server Public Key from the service gateway 1 10 to the service client 108 
(i.e., interpreted as a notification to verify the authenticated information in order to set up 
a secure, authenticated and encrypted connection between the service gateway 110 
and the service client 108). 
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initiating from the notification means to the application hosting sub-system 
an unauthenticated and unencrypted connection and transmitting over this 
connection the notification for notifying said application hosting sub-system that 
it should initiate a secure authenticated connection with the gateway; as (see e.g., 
U 0029 - 0040, as the process starting from the step of transmitting the Temporary 
Server Public Key from the service gateway 1 10 to the service client 108 (i.e., 
interpreted as a notification to verify the authenticated information); until the step of 
establishing secure, authenticated and encrypted connection between the service 
gateway 110 and the service client 108). 

causing the application hosting sub-system to set up a secure and 
authenticated connection with the gateway in response to receipt of the 
notification; and communicating with the initiating service via said connection as 
(see e.g., U 0040, as establishing secure, authenticated and encrypted connection 
between the service gateway 1 10 and the service client 108). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Wilding et al. teaching of establishing a secure connection 
into Grantges system in order to direct a client to establish a secure connection with a 
server across a public network via a service gateway (Wilding et al., FIG. 1 and U 0010 
lines 2-4). 



As per claim 2 , Grantges discloses the system according to claim 16 in which 
the notification takes the form of a non-executable data file as (see e.g., col. 6 lines 
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36-39; and col. 9 lines 19-34, as the options page in message 80 interpreted as the 
non-executable data file). 

As per claim 8 , Grantges discloses the system according to claim 16, wherein 
the first sub-system is a backend sub-system which provides services to the 
gateway, and as (see e.g., col. 4 lines 7-19; and FIGS. 1-2, as each application 
24.sub.1, 24. sub. 2, . . . , 24.sub.3 includes a respective web server 28. sub. 1, 28. sub. 2, . 
. . , 28.sub.3). 

wherein the server sub-system acts as a trusted intermediary between each 
application hosting sub-system and the backend sub-system as (see e.g., (col. 12 
line 57 to col. 13 line 3; and FIG. 6, as the trustee provides the user with instructions to 
access the certificate authority 50 using the user ID/password; and then sends a 
message 138 to Information Security 48 that contains the information collected from the 
user 18, including what application(s) are being requested for remote access). 

7. Claims 3, 6 and 18 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Grantges, in view of Wilding et al., and further in view of Gupta et al. (US Pat. No. 
6,763,384 B1). 

As per claim 3 , Grantges and Wilding et al. do not explicitly disclose the system 
according to claim 2 in which the notification takes the form of a simple text file 
containing an extensible Markup Language, XML, document. 
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However, Gupta et al. discloses as (see e.g., col. 8 lines 58-66, as notification is 
sent in XML (extensible Markup Language) contained only information regarding the 
content and structure of a message). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Gupta et al. teaching of notifying end users over a network 
of the occurrence of an event into Grantges and Wilding et al. systems in order to notify 
the occurrence of an event by one or more servers to one or more client processes over 
a communication network (Gupta et al., col. 3 lines 13-15). 

As per claim 6 , Grantges and Wilding et al. do not explicitly disclose the system 
according to claim 16 wherein a single notification server receives notifications 
from plural services and forwards these to plural client application hosting sub- 
systems. However, Gupta et al. discloses as (see e.g., col. 4 lines 56-58; col. 8 lines 
30-40; and FIG. 3, as a notification server serves multiple application servers and 
multiple clients). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Gupta et al. teaching of notifying end users over a network 
of the occurrence of an event into Grantges and Wilding et al. systems in order to notify 
the occurrence of an event by one or more servers to one or more client processes over 
a communication network (Gupta et al., col. 3 lines 13-15). 
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As per claim 18 , Grantges and Wilding et al. do not explicitly disclose computer 
readable storage media containing a program or suite of computer programs for 
controlling one or more computer processors to carry out the steps of claim 17 
during execution of the computer program or suite of programs. However, Gupta 
et al. discloses as (see e.g., col. 4 lines 24-42, as a computer program product having a 
computer usable medium having a computer program embodied therein, for providing 
notification of the occurrence of an event over a network). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Gupta et al. teaching of notifying end users over a network 
of the occurrence of an event into Grantges and Wilding et al. systems in order to notify 
the occurrence of an event by one or more servers to one or more client processes over 
a communication network (Gupta et al., col. 3 lines 13-15). 

8. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Grantges, in view of Wilding et al., and further in view of Nishizawa et al. (US Pat. No. 
6,081,906 A). 

As per claim 4 , Grantges and Wilding et al. do not explicitly disclose the system 
according to claim 16 wherein the notification means is operable to run separate 
threads for controlling the forwarding of separate notifications to the client 
application. However, Nishizawa et al. discloses as (see e.g., col. 5 lines 12-35, as 
multi -thread RPC processing of the event notification). 
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It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Nishizawa et al. teaching of implementing the multi-thread 
processing with queuing into Grantges and Wilding et al. systems in order to achieve 
faster response time in sending notifications to clients. 

9. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Grantges, in view of Wilding et al., and further in view of Osterman (US Pat. No. 
5,935,211 A). 

As per claim 5 , Grantges and Wilding et al. do not explicitly disclose the system 
according to claim 16, wherein the notification means includes means for 
permitting each service provided by the first sub-system to specify the number of 
times which a notification is to be retried in the event of failure to deliver the 
notification and means for server retrying to deliver the notification up to the 
specified number of times in the event of failure to deliver the notification over 
the non-secure network. 

However, Osterman discloses as (see e.g., col. 7 lines 43-54, as set polling time 
to every 10 minutes and stop sending if not updated after 25 minutes). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to apply Osterman teaching of providing status information to the 
client processes into Grantges and Wilding et al. systems in order to provide a 
technique that permits client processes to reduce the frequency with which they poll the 
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server processes. This, in turn, dramatically reduces the burden on the server process 
imposed by such polling (Osterman, col. 2 lines 51-54). 

Conclusion 

10. The following prior art made of record on form PTO-892 and not relied upon is 
cited to establish the level of skill in the applicant's art and those arts considered 
reasonably pertinent to applicant's disclosure. See MPEP 707.059(c). 

Bonefasetal. US- 2002/0052968 A1 
llnickietal. US- 6,751 ,677 B1 
Haenel et al . US- 2005/01 08574 A1 

1 1 . Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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